In this article

Single Sign-On for Terminal Services

07/02/2012

2 minutes to read

In this article

Applies To: Windows Server 2008

What is single sign-on for Terminal Services?

Single sign-on is an authentication method that allows a user with a domain account to log on once by using a password, and then gain access to remote servers without being asked for their credentials again.

Key scenarios for single sign-on

The key scenarios for single sign-on are:

Line-of-business (LOB) applications deployment

Centralized application deployment

Due to lower maintenance costs, many companies prefer to install their LOB applications on a terminal server and make these applications available through RemoteApps or Remote Desktop. Single sign-on makes it possible to give users a better experience by eliminating the need for users to enter credentials every time they initiate a remote session.

Prerequisites for deploying single sign-on

To implement single sign-on functionality in Terminal Services, ensure that you meet the following requirements:

You can only use single sign-on for remote connections from a Windows Vista®-based computer to a Windows Server® 2008-based terminal server. You can also use single sign-on for remote connections from a Windows Server 2008-based server to a Windows Server 2008-based server.

Make sure that the user accounts that are used for logging on have appropriate rights to log on to both the terminal server and the Windows Vista client.

Your client computer and terminal server must be joined to a domain.

You must use password-based authentication. Smart cards are not supported.

Recommended configuration of a terminal server when using single sign-on

To configure the recommended settings for your terminal server, complete the following steps:

Configure authentication on the terminal server.

Configure the Windows Vista-based computer to allow default credentials to be used for logging on to the specified terminal servers.